
Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level Approach

Bibliographic Details
Published in: IEEE access 2023, Vol.11, p.132792-132810
Main Authors: Miyamoto, Kohei; Iida, Masazumi; Han, Chansu; Ban, Tao; Takahashi, Takeshi; Takeuchi, Jun'ichi
Format: Article
Language: English
container_end_page 132810
container_issue
container_start_page 132792
container_title IEEE access
container_volume 11
creator Miyamoto, Kohei
Iida, Masazumi
Han, Chansu
Ban, Tao
Takahashi, Takeshi
Takeuchi, Jun'ichi
description Network Intrusion Detection Systems (NIDSs) are crucial tools for ensuring cyber security. Recently, machine learning-based NIDSs have gained popularity due to their ability to adapt to various anomalies. To enable machine learning techniques, packet-level features have been proposed for packet-level classification, but this approach may generate an excessive number of security alerts and reduce performance due to irrelevant packets. To address these limitations, this paper proposes a session-level classification approach that consolidates packet-level classification outputs to identify anomalous sessions. The effectiveness of the proposed approach is demonstrated by a prototype system. Experiments on a publicly available benchmark dataset demonstrate the high performance of proposed approach achieving F1-measure exceeding 98%. It also shows that even when we used only a few packets in head parts of each session to obtain session-level predictions, the high F1-measure still could be achieved. This result implies that the proposed approach is also efficient in terms of the number of packets to be processed. These results highlight the promising potential of the proposed approach for adaptive network intrusion detection.
doi_str_mv 10.1109/ACCESS.2023.3335600
format article
identifier ISSN: 2169-3536
ispartof IEEE access, 2023, Vol.11, p.132792-132810
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2896026999
source IEEE Xplore Open Access Journals
subjects Anomalies
Benchmark testing
Classification
Cybersecurity
Feature extraction
Intrusion detection systems
Machine learning
Network intrusion detection
Network security
network traffic analysis
Payloads
Prototypes
Real-time systems
System effectiveness
Telecommunication traffic
title Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level Approach